bugfix: TSG-8003 预防证书链投毒

* 中间证书缓存openssl rebuild trust chain中可惜的中间证书, 不缓存服务端发送证书链中的证书

platform/src/ssl_stream.cpp

@@ -47,7 +47,7 @@
 
 static int SSL_CTX_EX_DATA_IDX_SSLMGR;
 static int SSL_EX_DATA_IDX_SSLSTREAM;
-static unsigned int ssl_ja3_debug;
+static unsigned int ssl_debug;
 
 #define MAX_NET_RETRIES        50
 #define	LATENCY_WARNING_THRESHOLD_MS		1000
@@ -289,6 +289,12 @@ struct fs_spec
 	enum ssl_stream_stat id;
 	const char* name;
 };
+
+unsigned int is_ssl_debug()
+{
+	return ssl_debug;
+}
+
 int sslver_str2num(const char * version_str)
 {
 	int sslversion = -1;
@@ -634,7 +640,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 		goto error_out;
 	}
 
-    MESA_load_profile_uint_def(ini_profile, section, "ssl_ja3_debug", &(ssl_ja3_debug), 0);
+    MESA_load_profile_uint_def(ini_profile, section, "ssl_debug", &(ssl_debug), 0);
     MESA_load_profile_string_def(ini_profile, section, "ssl_min_version", version_str, sizeof(version_str), "ssl3");
 	mgr->ssl_min_version = sslver_str2num(version_str);
 
@@ -820,7 +826,7 @@ static void peek_client_hello_cb(evutil_socket_t fd, short what, void * arg)
 	{
 		case CHELLO_PARSE_SUCCESS:
 		{
-            if (ssl_ja3_debug)
+            if (is_ssl_debug())
             {
                 char *addr = tfe_string_addr_create_by_fd(fd, CONN_DIR_DOWNSTREAM);
                 struct ssl_ja3 *fingerprint = ssl_ja3_generate_fingerprint(buf, n);